Express.co reported that Google has published details about a new security vulnerability that affects both Windows 10 Edge and Internet Explorer 11.
Google has published details about a new security vulnerability within Windows 10 Edge and Internet Explorer 11 that would allow hackers to crash both browsers and remotely execute malicious code.
Google’s Project Zero security division privately reported the flaw to Microsoft back on 25th November.
In line with its policies, Google then publicly disclosed the latest bug this week – after Microsoft failed to patch the bug within 90 days of being notified.
Technology companies enough time to patch the problems before the flaw is made public
Google researcher Ivan Fratric said he was reluctant to publish more details about the bug until it had been successfully patched by Microsoft.
Mr Fratric added in the comments section of his disclosure, “I will not make any further comments on exploitability, at least not until the bug is fixed.
“The report has too much info on that as it is (I really didn’t expect this one to miss the deadline).”
The bug was indexed by the National Vulnerability Database as CVE-2017-0037.
The organisation has warned that the vulnerability “allows remote attackers to execute arbitrary code”. It has categorised the exploit as “high-severity”.
Thankfully, there is currently no evidence of the vulnerability being used in any large-scale real-world attacks.
This is not the first time that Google has had to name and shame Microsoft about an unpatched bug in its software.
Last year, Google published details about a critical vulnerability in Windows – something Microsoft was not overly happy about.
The US search firm’s Threat Analysis group disclosed the details of the critical vulnerability in a post on its security blog.
The glitch was being used to bypass the security sandboxing used in the Windows32K system, Google has claimed.
Google said it reported the bug to Microsoft 10 days ago, but the Redmond firm has done nothing to address the issue.
In its official blog, Google wrote: “After seven days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released.
“This vulnerability is particularly serious because we know it is being actively exploited.”